CLSA-2026-1778492595 libxml2: Fix of CVE-2022-49043

CVE-2022-49043: fix use-after-free in xmlXIncludeAddNode by deferring xmlFreeURI until after the error path has consumed the value...

MiracleLinux 8 : libxml2-2.9.7-18.el8_10.2 (AXSA:2025-9668:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9668:02 advisory. libxml: use-after-free in xmlXIncludeAddNode CVE-2022-49043 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : libxml2-2.9.13-6.el9_5.1 (AXSA:2025-9658:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9658:01 advisory. libxml: use-after-free in xmlXIncludeAddNode CVE-2022-49043 Tenable has extracted the preceding description block directly from the MiracleLinux security...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.6)

The version of AOS installed on the remote host is prior to 6.10.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.6 advisory. - BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors...

TencentOS Server 3: libxml2 (TSSA-2025:0193)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0193 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 4: libxml2 (TSSA-2025:0159)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0159 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0034: libxml2 (ALINUX3-SA-2025:0034)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0034 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-49043: xmlXIncludeAddNode in xinclude.c in...

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-49043)

Summary UPDATED May 5 2025 New iFixes provided for AIX 7.2 TL5 SP7, 7.3 TL1 SP2 and SP3, 7.3 TL2 SP1, and VIOS 3.1.4.31. The new iFixes include a packaging change to clarify that the iFixes are cumulative and address relevant, previously issued AIX/VIOS libxml2 security bulletins. There is no...

Security Bulletin: IBM MQ Appliance is affected by a libxml2 use-after-free vulnerability (CVE-2022-49043)

Summary IBM MQ Appliance has addressed a libxml2 use-after-free vulnerability. Vulnerability Details CVEID:CVE-2022-49043 DESCRIPTION: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CWE:CWE-416: Use After Free CVSS Source: [email protected] CVSS Base score: 8.1 CVSS...

Security Bulletin: IBM MQ Appliance is affected by a libxml2 use-after-free vulnerability (CVE-2022-49043)

Summary IBM MQ Appliance has addressed a libxml2 use-after-free vulnerability. Vulnerability Details CVEID:CVE-2022-49043 DESCRIPTION: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free vulnerability. CWE:CWE-416: Use After Free CVSS Source: [email protected] CVSS Base...

Security Bulletin: Security vulnerabilities affect libxml2 and gcc packages shipped with IBM CICS TX Advanced.

Summary IBM CICS TX Advanced is impacted by security vulnerabilities found in packages libxml2 and gcc. IBM CICS TX Advanced has been updated in order to address these vulnerabilities. Vulnerability Details CVEID:CVE-2022-49043 DESCRIPTION: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11....

AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-49043)

IBM SECURITY ADVISORY First Issued: Fri Apr 25 08:23:03 CDT 2025 |Updated: Mon May 5 14:46:26 CDT 2025 |Update: New iFixes provided for AIX 7.2 TL5 SP7, 7.3 TL1 SP2 and SP3, | 7.3 TL2 SP1, and VIOS 3.1.4.31. The new iFixes include a packaging | change to clarify that the iFixes are cumulative and...

AIX (IJ54257)

The version of AIX installed on the remote host is prior to APAR IJ54257. It is, therefore, affected by a vulnerability as referenced in the IJ54257 advisory. - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Note that Nessus has not tested for this...

AIX (IJ54258)

The version of AIX installed on the remote host is prior to APAR IJ54258. It is, therefore, affected by a vulnerability as referenced in the IJ54258 advisory. - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Note that Nessus has not tested for this...

AIX (IJ54059)

The version of AIX installed on the remote host is prior to APAR IJ54059. It is, therefore, affected by a vulnerability as referenced in the IJ54059 advisory. - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Note that Nessus has not tested for this...

AIX (IJ54061)

The version of AIX installed on the remote host is prior to APAR IJ54061. It is, therefore, affected by a vulnerability as referenced in the IJ54061 advisory. - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Note that Nessus has not tested for this...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.9 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.9 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

RHEL 8 : libxml2 (RHSA-2025:2507)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2507 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: use-after-free i...

RHEL 9 : libxml2 (RHSA-2025:2678)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2678 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml: use-after-free i...

libxml2 security update

2.9.7-19 - Fix CVE-2024-56171 RHEL-80122 - Fix CVE-2025-24928 RHEL-80137 2.9.7.18.2 - Fix CVE-2022-49043 RHEL-76289 2.9.7-18.1 - Fix CVE-2024-25062 RHEL-31056...